[TriLUG] cracked shared hosting: what to do?
Kevin Hunter Kesling
hunteke at earlham.edu
Wed Apr 17 19:22:39 EDT 2013
At 7:09pm -0400 Wed, 17 Apr 2013, Scott Miller wrote:
> If the compromise and attacker used a php shell on that same shared
> hosting server (on any adjacent site), they can then make changes to
> files or anything they want and nothing is logged.
>
> Check out any of these php shells:
>
> http://www.securityaegis.com/web-shells-for-all/
>
> With these you can upload files, change files, execute code, change
> file timestamps, all transparent and not logged anywhere by logs.
> (Will not put anything in apache logs)

No kidding. I had not run across these before. I wonder if this -- or
automated equivalent -- is what is/was happening. Thanks for the pointer!

> It all depends on how secure or insecure dreamhost shared hosting is
> as to how much one could change via this method.

Heh, as alluded to by John, I imagine it's the latter. John's right,
but I have to convince my boss of that. For now, that's all he wrote.

Cheers and thanks,
Kevin
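
A check for the timestamp point raised in the quoted message, added here as an example and not part of the original thread: on a POSIX filesystem, `utime()`/`touch` can rewrite a file's mtime but not its ctime, so files changed after a known-good deploy time can still be listed by ctime. The function name, suffix list, deploy time and sample tree are assumptions made for the example.

```python
import os
import tempfile
import time
from pathlib import Path


def changed_since(root, deploy_time, suffixes=(".php", ".htaccess")):
    """Return (relative path, reason) for files whose inode changed after deploy_time.

    The kernel updates ctime on every content or metadata change and it cannot
    be set through utime(), so a backdated mtime does not hide the change.
    Assumes POSIX semantics (on Windows st_ctime is the creation time).
    """
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if suffixes and not path.name.endswith(suffixes):
            continue
        st = path.lstat()
        if st.st_ctime <= deploy_time:
            continue  # untouched since the deploy
        # ctime after the deploy but mtime before it: the visible timestamp
        # was set back (or the file was restored with preserved times).
        reason = "mtime-backdated" if st.st_mtime <= deploy_time else "modified"
        findings.append((str(path.relative_to(root)), reason))
    return findings


def demo():
    """Constructed sample tree: one untouched file, one edited, one backdated."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text("<?php echo 'home';")
        Path(root, "contact.php").write_text("<?php echo 'form';")
        time.sleep(0.2)
        deploy_time = time.time()          # stand-in for the last known-good deploy
        time.sleep(0.2)
        Path(root, "contact.php").write_text("<?php echo 'edited';")
        dropped = Path(root, "cache.php")  # hypothetical file added after the deploy
        dropped.write_text("<?php /* placeholder */")
        old = deploy_time - 30 * 86400
        os.utime(dropped, (old, old))      # backdate atime/mtime by 30 days
        return changed_since(root, deploy_time)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason:16} {name}")
```

Files restored from an archive or synced with preserved times also show up as `mtime-backdated`, so the output is a list to review against the known deploy, not a verdict.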